US5751808A - Multipurpose high speed cryptographically secure sequence generator based on zeta-one-way functions - Google Patents
Publication number: US5751808A (application US 08/752,033)
Legal status: Expired - Fee Related
Description
This is a continuation of application Ser. No. 08/400,928, filed Mar. 9, 1995, now U.S. Pat. No. 5,577,124.
1. Field of the Invention
The present invention relates to the generation of cryptographically secure sequences at very high speed. More particularly, this invention relates to the generation of such sequences with predetermined probability distribution with cryptographic security based on zeta-one-way functions with applications to authentication, key transfer, and public-key cryptography.
2. Description of the Prior Art
In 1917 Gilbert Vernam introduced the one-time pad cryptosystem, a secret key cryptosystem for telegraphic communication (D. Kahn, The codebreakers: the story of secret writing, Macmillan, New York, N.Y. (1967), 394-396). The one-time pad cryptosystem is provably secure from the information-theoretic point of view introduced by Claude Shannon (C. E. Shannon, Communication theory of secrecy systems, Bell Systems Technical Journal 28 (1949), 657-715) and later refined by Martin Hellman (M. E. Hellman, An extension of Shannon's approach to cryptography, IEEE Transaction on Information Theory v. IT-23 n.3 (1977), 289-294). The one-time pad system, according to Ronald Rivest, in his survey of contemporary cryptography, is rarely used because of the difficulty in generating, sharing, and storing very large keys (R. L. Rivest, Cryptography, p.721 in Handbook of theoretical computer science volume A: Algorithms and complexity, J. van Leeuwen, managing editor, MIT Press, Cambridge, Mass. (1994)). Rivest points out that one motivation for generating random pseudorandom sequences is for use in the one-time pad cryptosystem (ibid p. 735). According to Rivest (ibid p. 737) Manuel Blum and Silvio Micali introduced the first method for designing provably secure pseudorandom bit generators based on one-way predicates (M. Blum and S. Micali, How to generate cryptographically strong sequences of pseudorandom bits, SIAM Journal on Computing, vol. 13 no. 4 (1984)). The term cryptographically secure in this setting is from the perspective of computational complexity. Rivest (ibid p. 738) also notes that a perfect pseudorandom bit generator exists if and only if there exists a one-way function F that cannot be easily inverted at points G(x) where G is the t^{th} iterate of F applied to a k-bit string x. Rivest attributes this result to Leonid Levin (L. A. Levin, One-way functions and pseudorandom number generators, Combinatorica 7 (1987), 357-363).
According to Rivest (ibid p. 729), the notion of a public-key system was first published by Whitfield Diffie and Martin Hellman in 1976 (W. Diffie and M. E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory IT-22 (1976), 644-654, also described in U.S. Pat. No. 4,200,700). Rivest observes that their general method makes use of trapdoor one-way permutations (ibid p. 729). Rivest also observes that the Diffie-Hellman method allows two parties to establish a shared secret key via a public discussion that anyone can overhear. Rivest himself, together with Adi Shamir and Leonard Adleman, introduced a system known today as the RSA public-key cryptosystem (R. Rivest, A. Shamir, and L. M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM 21 (1978), 120-126, also described in U.S. Pat. No. 4,405,829). The pioneering work on probabilistic public-key encryption was performed by Shafi Goldwasser and Silvio Micali (S. Goldwasser and S. Micali, Probabilistic encryption, Journal of Computer and System Sciences 26 (2) (1984), 270-299). Goldwasser and Micali employ the intractability of the quadratic residue problem in their constructions. The Diffie-Hellman, the RSA and the Goldwasser and Micali systems employ trapdoor one-way functions which have the deficiency that they require nonlinear computations in extremely large finite rings.
The idea of a zeta one-way function was announced at the Special Session on Analytical Number Theory, Spring Meeting of the American Mathematical Society, Polytechnic University, Brooklyn, New York, Apr. 9, 1994 (M. Anshel and D. Goldfeld, Zeta functions as one-way functions and cryptography, A.M.S. Abstracts, Vol 15, no. 3 (April 1994), p. 349). Examples of such one-way functions are implicit in the earlier literature. For example, Kevin McCurley, in reference to sequences that are hard to predict (Kevin S. McCurley, Odds and ends from cryptology and computational number theory, in Cryptology and Computational Number Theory, C. Pomerance, Editor of the Proceedings of the Symposia in Applied Mathematics, Volume 42, A.M.S. Providence, R.I. (1990), p. 162) cites the work of Ivan Bjerre Damgård (I. V. Damgård, On the randomness of Legendre and Jacobi sequences, in Advances in Cryptology (Proceedings of Crypto '88), Lecture Notes in Computer Science, Springer-Verlag 403 Berlin (1990), 163-172). Damgård employs Legendre and Jacobi sequences to produce sequences which are difficult to predict. Leonard Adleman and Kevin McCurley draw on Legendre sequences to define and discuss the Quadratic Signature Problem in connection with the complexity of factoring and its relation to the extended Riemann hypothesis (Leonard M. Adleman and Kevin S. McCurley, Open problems in number theoretic complexity II, in Algorithmic Number Theory, Leonard M. Adleman and Ming-Deh Huang (Editors), Lecture Notes in Computer Science 877 Berlin (1994), 301-302). The current invention utilizes the unpredictability of certain Jacobi sequences and a generalization of the Quadratic Signature Problem to construct new trapdoor functions from zeta one-way functions for applications to private and public key cryptography.
It is a primary object of the present invention to provide a novel high speed cryptographically secure sequence generator (based on zeta one-way functions) for creating stream cipher code with predetermined probability distribution.
It is another primary objective of the present invention to provide a novel high speed code sequence generator (based on zeta one-way functions) for creating stream cipher code, with predetermined probability distribution, at higher security levels and concurrently at higher sequence rates than was heretofore possible.
It is another primary object of the present invention to construct new trapdoor one-way functions from cryptographically secure sequence generators (based on zeta one-way functions) for use in public key cryptography.
It is an object and feature of the present invention to provide an algebro-geometric combiner for creating high speed cryptographically secure sequences, with predetermined probability distribution, whose security is based on a zeta-one-way function associated to an algebraic variety specified by the predetermined probability distribution.
It is an object and feature of the present invention to provide a cryptographically secure authentication algorithm based on zeta-one-way functions associated to algebraic varieties.
It is an object and feature of the present invention that: (1) public authentication keys are generated with a stream cipher based on a zeta-one-way function, (2) the public authentication keys are themselves zeta one-way functions, and (3) a particular public authentication key is never used more than once in the implementation of the authentication algorithm.
It is an object and feature of the present invention to provide a cryptographically secure public key transfer based on zeta one-way functions.
It is an object and feature of the present invention to provide a cryptographically secure public-key cryptosystem based on zeta one-way functions.
It is a feature of the present invention that the problem of key management is minimized in the authentication algorithm. This is due to the fact that keys are only used once and then discarded.
It is a feature of the present invention that the public and private keys can be efficiently generated, shared and stored.
It is a feature of the present invention that the public-key cryptosystem provides dynamic encryption, i.e. a given bit will be encrypted in a totally different manner at each time.
It is a feature of the present invention to provide privacy enhanced communication by modest modification of the public key which results in modest modification of the key transfer process, and similarly results in modest modification of the encryption process in the public key cryptosystem.
It is a feature of the present invention that stream cipher code based on zeta-one-way functions can be generated by arithmetic operations in small finite fields, i.e., finite fields whose number of elements is at most polynomial in the logarithm of the analytic conductor of the associated zeta function. This allows for easy implementation of the algorithms on low level computing devices with table driven modules.
To summarize, the present invention provides a high performance, high integrity, cryptographically secure sequence generator based on zeta one-way functions for pseudorandom sequence generation, authentication, key transfer by public discussion, and public key encryption.
The system according to the invention is particularly suited towards implementation using currently available digital technology, commercially popular microprocessor based systems, and other affordable digital components. Significant portions of the system may be implemented and significant portions of the method according to the invention may be performed by software in a microcomputer based system or by hardware installed in such systems or other communication devices and combined with facsimile transmission components or communication terminals.
FIG. 1 shows a zeta function chooser.
FIG. 2 shows a zeta coefficient generator.
FIG. 3 shows a zeta pseudorandom number generator.
FIG. 4 shows a zeta function authenticator.
FIG. 5 shows a Hasse-Weil pseudorandom number generator.
FIG. 6 shows a specific Hasse-Weil pseudorandom number generator.
FIG. 7 shows a public key transfer system.
FIG. 8 shows a public key encryption system.
FIG. 9 shows a zeta communication system with two stations.
FIG. 10 shows a schematic diagram of the basic zeta function machine.
FIG. 11 shows a zeta apparatus in pseudorandom sequence generator mode.
FIG. 12 illustrates the operation of the zeta apparatus.
FIG. 13 shows the zeta apparatus in an authentication mode.
FIG. 14 shows the zeta apparatus in a key transfer mode.
FIG. 15 shows the zeta apparatus in send-receive mode.
Let n≧0 be an integer and define ##EQU1## where for an arbitrary real number x≧0, ⌊x⌋ denotes the greatest integer less than or equal to x. We refer to d_{2}(n) as the bit size of n. We extend this notion to nonnegative integral vectors by defining the norm ∥(n_{1}, n_{2}, . . . , n_{t})∥ of a vector (n_{1}, n_{2}, . . . , n_{t}) ∈ N^{t} as ##EQU2##
Fix positive rational integers r, s. A function
f: N^{r} → N^{s}
is a one-way function provided the following three conditions hold.
(i) There exists an integer k>0 such that
∥n∥^{1/k} ≦ ∥f(n)∥ ≦ ∥n∥^{k}
for n=(n_{1}, n_{2}, . . . , n_{r}) ∈ N^{r}.
(ii) f(n) can be feasibly computed in polynomial time in ∥n∥.
(iii) Given m ∈ N^{s}, there does not exist a feasible polynomial time algorithm which either computes a vector n ∈ N^{r} such that f(n)=m or indicates that no such value exists.
Condition (i) says that the bit size of f(n) is neither polynomially longer nor shorter than the bit size of n. The term feasibly computed in polynomial time in condition (ii) and feasible polynomial time in condition (iii) means that the output may be created within the bounds of the technology employed and within the time bounds dictated by the purposes of the computation.
We now introduce a class of one-way functions based on the theory of zeta functions. In particular, we introduce the feasible polynomial time Selberg class Z. The Selberg class was introduced in (A. Selberg, Old and new conjectures and results about a class of Dirichlet series, Collected Papers, Vol. 2, No. 44, Springer-Verlag (1991), 47-63), and we concretize the notion by introducing the concept of feasibility.
The feasible polynomial time Selberg class Z consists of zeta functions Z(s) which are given as Dirichlet series ##EQU3## (with complex coefficients a(n)) where it is assumed that the defining Dirichlet series Z(s) is absolutely convergent in some half-plane Re(s)>>1. It is further assumed that Z(s) is a meromorphic function of a single complex variable s which satisfies the following hypotheses:
(iv) a(n)=O(n^{C}) for some constant C>0 independent of n.
(v) log Z(s)=Σ_{n} b(n)·n^{-s}, where b(n)=0 unless n=p^{r}, a positive prime power.
(vi) Given a prime power p^{r}, there exists an algorithm to compute b(p^{r}) in feasible polynomial time.
(vii) There exists A, k, b_{i} >0, w ∈ C with |w|=1, and a polynomial P(s) such that Z(s) satisfies a functional equation of type: ##EQU4##
The constant A in the functional equation is called the analytic conductor of the zeta function. The Riemann hypothesis for any subfamily Z' ⊂ Z is the statement that all zeros of Λ(s) (corresponding to Z(s) ∈ Z') have Re(s)=k/2.
Definition: We say a subfamily of Z is bounded provided: (1) the conductor A in the functional equation (for any zeta function in the subfamily) lies in a fixed finite interval, (2) Abundance Property: For every ε>0, the number of distinct zeta functions in the subfamily for which the conductor A lies in an interval of length B is greater than B^{1-ε} as B→∞.
Definition: Let Z^{B} ⊂ Z be a bounded subclass. The class Z^{B} is said to be focused on (B, 2B) if for every zeta function in Z^{B} its conductor A ∈ (B, 2B).
We now restrict ourselves to the fixed subclass Z_{Hasse-Weil} ⊂ Z of all zeta functions of Hasse-Weil type (see, D. Husemoller, Elliptic Curves, Graduate Texts in Mathematics 111, Springer-Verlag, New York (1987), 291-293). Fix a large integer B. We now explicitly describe the one-way function based on a fixed bounded subclass
Z^{B}_{Hasse-Weil} ⊂ Z_{Hasse-Weil}.
In order to simplify the exposition, we assume that the algebraic variety associated to Z_{Hasse-Weil} is defined over Q. In this case the coefficients in the Dirichlet expansion of all zeta functions in Z_{Hasse-Weil} are rational integers. It is known (Dorian Goldfeld, Jeffrey Hoffstein, On the number of Fourier coefficients that determine a modular form, in Contemporary Math. 143, A Tribute to Emil Grosswald: Number Theory and Related Analysis, Amer. Math. Soc. (1993), 385-393) that the Riemann hypothesis for a zeta function in Z_{Hasse-Weil} implies that the zeta function is uniquely determined by its initial b=(log B)^{2+ε} Dirichlet coefficients. Let D_{Hasse-Weil} denote the set of all vectors consisting of the first b coefficients of any zeta function in Z_{Hasse-Weil}. Then
D_{Hasse-Weil} ⊂ N^{b}.
The zeta functions in Z_{Hasse-Weil} can be ordered by vectors of nonnegative integers determined by the polynomial equations defining the variety associated to the zeta function in Z_{Hasse-Weil}. Our one-way function is the function f where
f: Z_{Hasse-Weil} → D_{Hasse-Weil}
is the function that associates to any zeta function in Z_{Hasse-Weil} the vector of its initial b Dirichlet coefficients.
The Hasse-Weil zeta one-way functions are a special case of the more general Jacquet-Langlands zeta one-way functions which we now briefly describe. The Jacquet-Langlands class of zeta functions, denoted Z_{JL} ∈ Z, consists of zeta functions associated to cuspidal automorphic forms on reductive groups (see Stephen S. Gelbart, Automorphic Forms on Adele Groups, Annals of Mathematics Studies 83 Princeton University Press and University of Tokyo Press, Princeton, N.J. (1975), 108-121). Similarly as above, it is possible to define a zeta one-way function for this class.
We now describe the zeta pseudorandom number generator associated with a positive integer q. Consider the list
{0, 1, 2, . . . , q-1}
of the first q nonnegative integers. We view these as symbols. A pseudorandom number generator based on q with uniform probability distribution function pdf is a feasible polynomial time algorithm whose outputs are sequences
a_{1}, a_{2}, a_{3}, a_{4}, a_{5}, . . .
with a_{i} ∈ {0, 1, 2, . . . , q-1} for i=1, 2, 3, . . . , with uniform probability distribution function pdf. This simply means that the probability of the symbol j ∈ {0, 1, 2, . . . , q-1} occurring is pdf(j) and the probability of any finite sequence {j_{1}, j_{2}, . . . j_{s}} occurring is Π_{i=1}^{s} pdf(j_{i}). The zeta pseudorandom number generator based on q will now be described. For simplicity we restrict ourselves to the class, Z_{Hasse-Weil}, of Hasse-Weil zeta functions defined over the rational numbers Q. Let ##EQU5## be in Z_{Hasse-Weil}. Define a_{q}(n) by the congruence
a_{q}(n) ≡ a(n) (mod q),
where a_{q}(n) ∈ {0, 1, 2, . . . , q-1}. The zeta pseudorandom number generator based on q and Hasse-Weil zeta function ζ(s) simply outputs the sequence
a_{q}(2), a_{q}(3), a_{q}(5), a_{q}(7), a_{q}(11), a_{q}(13), a_{q}(17), . . .
running over the list of the precomputed positive integral primes. To construct a zeta pseudorandom number generator based on q with a given uniform probability distribution pdf, it is necessary to carefully choose the particular Hasse-Weil zeta function ζ(s), or equivalently, the algebraic variety which defines it. The choice of the variety will be determined by Serre's theory of abelian q-adic representations (Jean-Pierre Serre, Abelian l-adic Representations and Elliptic Curves, W. A. Benjamin Inc. New York (1968), 21-26). The new zeta function ##EQU6## will be in the Jacquet-Langlands class. This means that if we consider the finite sequence
L={a_{q}(2), a_{q}(3), a_{q}(5), a_{q}(7), a_{q}(11), a_{q}(13), . . . a_{q}(q)}
with some prime q not larger than (log A)^{2+ε}, where A denotes the conductor of ζ_{q}(s), then it will not be feasible to reconstruct ζ_{q}(s) from the list L in polynomial time in the number of digits of A. This is equivalent to the fact that ζ_{q}(s) determines a zeta-one-way function.
First, we describe the Zeta Function Chooser 20, which accepts as inputs: k 10, and a pair (q, pdf) 11 consisting of a positive integer q≧2 and a rational probability distribution pdf on q symbols. The input 11 goes to the Abelian Variety Classifier 12 which chooses a class of abelian varieties V. The input k 10, together with the output V of 12 is presented to the Fast Abelian Variety Generator 13 which generates a particular abelian variety v ∈ V and outputs the zeta code associated to v. This completes the description of the Zeta Function Chooser 20 encapsulated in FIG. 1.
Next we describe the Zeta Coefficient Generator, ZCG 30. ZCG 30 accepts as inputs an input password k 10, a pair (q, pdf) 11 consisting of a positive integer q≧2 and a rational probability distribution function pdf on q symbols, and a monotone increasing sequence 22 of s positive prime integers (p_{1}, p_{2}, . . . , p_{s}). Inputs 10 and 11 are presented to the Zeta Function Chooser 20 which outputs the zeta code for producing a zeta function ##EQU7## When the zeta code and the input 22 are presented to the Zeta Function Coefficient Producer 21, then 21 computes the sequence of zeta coefficients
a(p_{1}), a(p_{2}), . . . , a(p_{s}).
This data is then stored in the Zeta Coefficient Store and Forward Module 23. This completes the description of the Zeta Coefficient Generator 30 encapsulated in FIG. 2.
We now proceed to describe the Zeta Pseudorandom Number Generator ZPNG given in FIG. 3. Inputs 10, 11, and 22 are presented to ZCG 30, resulting in a sequence of zeta coefficients zcs,
a(p_{1}), a(p_{2}), . . . , a(p_{s})
stored in 23. The data, zcs, is then forwarded to the q-Reducer 31 which computes the new sequence zcsq
a(p_{1}), a(p_{2}), . . . , a(p_{s}) (mod q),
which is forwarded to the Pseudorandom Number Sequence Store and Forward Module 32. The final output zcsq will be a pseudorandom sequence on the q symbols {0, 1, 2, . . . , q-1} with probability distribution pdf. This completes the description of the Zeta Pseudorandom Number Generator ZPNG.
We now describe a very simple and highly secure authentication algorithm. Consider a network of users. Every user has a fixed private key k(0). We let s=1, 2, 3, . . . denote the state of the user. Initially, s=1. At every state s=1, 2, 3, . . . the user has a private key v(s) (which is an abelian variety) and a public key k(s) (the initial zeta coefficients of the Hasse-Weil zeta function associated to v(s)). The public key k(s) is announced to all the other users. These keys are computed as follows. Upon receiving the inputs k(0), s, 40, the Zeta Pseudorandom Number Generator ZPNG 41 outputs zeta code which is transformed by the Zeta Code Transformer 42 and converted to suitable input for the Fast Abelian Variety Generator 13 which generates the abelian variety v(s) and computes the zeta code k(s) associated to v(s). This information is sent to the Public Key Announcer 43 which announces the public key k(s) for the state s. The public and private keys k(s), v(s) are then sent to the Authenticator 44 which publicly announces v(s) if authentication is required. At this point, the state s is incremented by one, i.e., s=s+1, 45, and the entire process repeats. Every public key v(s) is used only once and then discarded. It is never used again.
We give a simple example of our Zeta Pseudorandom Number Generator ZPNG 41 where the class of abelian varieties is prechosen to be the class of elliptic curves and the input 11 is prechosen such that q=2 and the probability distribution pdf is the probability distribution on 2 symbols (0, 1) determined by pdf(0)=1/3 and pdf(1)=2/3.
We first describe the Hasse-Weil Zeta Function Coefficient Generator 52 in FIG. 5. The input is a positive rational integer k, 50 which uniquely determines a pair of integers a, b satisfying b^{3} - 27a^{2} ≠ 0. To provide additional security to the overall system the pair of integers (a, b) may be produced from the input k, 50, by employing a one-way function. The Fast Elliptic Curve Generator 51 generates the elliptic curve
E: y^{2} = x^{3} - ax - b.
The Hasse-Weil Zeta Function Coefficient Producer 52 has 2 inputs: the elliptic curve E outputted by 51 (which in the general case is referred to as the zeta code in FIG. 2), and the input (p_{1}, . . . , p_{s}), 53. The Hasse-Weil Zeta Function Coefficient Producer 52 (see, D. Husemoller, Elliptic Curves, Graduate Texts in Mathematics 111, Springer-Verlag, New York (1987), 291-293) then outputs the coefficients
a(p_{1}), . . . , a(p_{s})
of the Hasse-Weil Zeta Function ##EQU8## associated to E to the Zeta Coefficient Store and Forward Module 54. This completes the description of the Hasse-Weil Zeta Function Coefficient Generator 51 in FIG. 5.
We now give a description of the algorithm for our example. The inputs k, 50 and (p_{1}, . . . , p_{s}), 53 are sent to the Hasse-Weil Zeta Function Coefficient Generator 60 which outputs the zeta coefficients a(p_{1}), . . . , a(p_{s}). These are sent to the 2-Reducer 61 which reduces each of these coefficients (mod 2)
a(p_{1}), . . . , a(p_{s}) (mod 2).
The result will be the required binary pseudorandom number sequence which is then sent to the Pseudorandom Number Sequence Store and Forward Module 62.
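The elliptic-curve example above can be run end to end on toy parameters. The following Python sketch is an added illustration, not code from the patent: it computes a(p) = p + 1 - #E(F_p) by naive point counting, applies the 2-Reducer, and measures the symbol frequencies so they can be compared with the pdf quoted in the text. The coefficients a=3, b=1, the prime bound, the function names and the choice to skip p=2 and primes of bad reduction are assumptions made for the example.

```python
"""Toy Hasse-Weil generator: coefficients a(p) of E: y^2 = x^3 - a*x - b, reduced mod q."""


def is_prime(n):
    """Trial division; adequate for the toy prime range used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def good_primes(a, b, bound):
    """Odd primes p <= bound at which E has good reduction.

    E is nonsingular iff 4a^3 - 27b^2 != 0 (the standard condition for this
    Weierstrass form). Skipping 2 and the bad primes is an assumption of this
    example; the text runs over all precomputed primes.
    """
    disc = 4 * a**3 - 27 * b**2
    if disc == 0:
        raise ValueError("singular curve: 4a^3 - 27b^2 = 0")
    return [p for p in range(3, bound + 1, 2) if is_prime(p) and disc % p]


def zeta_coefficient(a, b, p):
    """a(p) = p + 1 - #E(F_p), counted naively in O(p) steps."""
    sqrt_count = [0] * p                 # sqrt_count[v] = #{y in F_p : y^2 = v}
    for y in range(p):
        sqrt_count[y * y % p] += 1
    affine = sum(sqrt_count[(x**3 - a * x - b) % p] for x in range(p))
    return p + 1 - (affine + 1)          # +1 for the point at infinity


def q_reduce(coefficients, q):
    """The q-Reducer: map each coefficient to its residue in {0, ..., q-1}."""
    return [c % q for c in coefficients]


def symbol_frequencies(symbols, q):
    """Empirical frequency of each symbol 0..q-1 in the output sequence."""
    return [symbols.count(j) / len(symbols) for j in range(q)]


def generate(a, b, bound, q=2):
    """Primes used, raw coefficients a(p), and the reduced output sequence."""
    primes = good_primes(a, b, bound)
    coeffs = [zeta_coefficient(a, b, p) for p in primes]
    return primes, coeffs, q_reduce(coeffs, q)


if __name__ == "__main__":
    # Constructed sample parameters (a=3, b=1, primes up to 2000).
    primes, coeffs, bits = generate(3, 1, 2000)
    print("first primes:      ", primes[:8])
    print("first coefficients:", coeffs[:8])
    print("first bits:        ", bits[:8])
    print("frequencies of 0/1:", symbol_frequencies(bits, 2))
```

The naive count is only practical for small primes; it is used here so that each a(p) can be checked by hand.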
We now describe an algorithm for key transfer by public discussion whose security is based on a zeta one-way function. It is a feature of this algorithm that neither party will have knowledge of the key k prior to the transfer. Since it is enough to transfer one bit at a time we shall assume that k ∈ {+1, -1}.
The algorithm can be developed in rather large generality. For example, if Z(s)=Σ_{n=1}^{∞} a(n)n^{-s} is in the feasible polynomial time Selberg class and there exists an integer f, a function b(x, y) on pairs of integers x, y, and a set A of integers such that
a(n)=b(n, f) (1)
b(n, f)=b(f, n) if n, f ∈ A, (2)
then the key transfer algorithm can be developed. A very general class of zeta functions which satisfy (1) and (2) is the class of Artin L-functions (see H. Heilbronn, Zeta-functions and L-functions, in Algebraic Number Theory, Proceedings of an Instructional Conference organized by the London Mathematical Society, (Edited by J. W. S. Cassels and A. Fröhlich), Thompson Book Company Inc., Washington D.C. (1967), 218-225) and condition (2) above is a consequence of the Artin reciprocity law.
In order to simplify the exposition, we focus on the special example of Dirichlet L-functions with real quadratic characters χ (mod f) where ##EQU9## is the Jacobi symbol (see Harold Davenport, Multiplicative Number Theory, Second Edition, revised by H. L. Montgomery, Graduate Texts in Mathematics 74, Springer-Verlag, New York (1980), 38-40) of conductor f. Let ##EQU10## denote the Dirichlet L-function associated to χ.
Fix a large integer X and divide the set of primes congruent to one modulo four (which are less than X) into two classes P, P' where
P = {primes p ≦ X | p ≡ 1 (mod 8)}
P' = {primes p ≦ X | p ≡ 5 (mod 8)}.
Let m denote the cardinality of the set P, and let m' denote the cardinality of the set P'. We preassign P to the first party engaging in the key exchange, and we preassign P' to the second party. Since the key transfer protocol is entirely symmetric, it is enough to restrict our discussion to the first party. We italicize the symmetric operations for the second party. We now describe the key transfer algorithm encapsulated in FIG. 7.
Upon receiving the input 70 of a positive integer r, the Prime Chooser 71 randomly chooses r primes p_{i_1}, p_{i_2}, p_{i_3}, . . . p_{i_r} in the set P (the second party chooses r' primes p'_{i_1}, p'_{i_2}, . . . p'_{i_{r'}} in P'). These are sent to the Multiplier 72 which simply computes the product p=p_{i_1}·p_{i_2} . . . p_{i_r} (the second party computes p'=p'_{i_1}·p'_{i_2} . . . p'_{i_{r'}}) and then sends p to the Jacobi Symbol Generator 73 and the Jacobi Symbol Chooser 75. The Jacobi Symbol Generator 73 computes the vector ##EQU11## where
p'_{1}=5, p'_{2}=13, p'_{3}=29 . . .
are the primes in P' written in ascending order. The Jacobi Symbol Generator sends the vector of Jacobi symbols to the Public Key Announcer 74. The Public Key Announcer 74 publicly announces the vector ##EQU12## The public Announcer for the second party will announce the vector ##EQU13## where
p_{1}=17, p_{2}=41, p_{3}=73 . . .
are the primes in P written in ascending order. When this data is presented to the Jacobi Symbol Chooser 75, the Jacobi Symbol Chooser chooses the vector of Jacobi symbols ##EQU14## and this data is sent to the Multiplier 72 which multiplies these Jacobi symbols to produce the key k given by ##EQU15## It is a consequence of the law of quadratic reciprocity that both parties will obtain the same key by this process.
Fix a large integer X and divide the set of primes congruent to one modulo four (which are less than X) into two classes P, P' where
P = {primes p ≦ X | p ≡ 1 (mod 8)}
P' = {primes p ≦ X | p ≡ 5 (mod 8)}.
Let m denote the cardinality of the set P, and let m' denote the cardinality of the set P'. We preassign the set P to the person holding the public encryption key (we shall call this person A) and we preassign the set P' to anyone (called B) who wishes to communicate with A. Let A have input r 70 and let B have input r' 70. It is required that the input r 70 be an odd integer. The public encryption key is simply the output of the Public Key Announcer 74 in FIG. 7.
We now describe the encryption algorithm (encapsulated in FIG. 8) which allows B to encrypt a single bit a which we may assume to be either +1 or -1. Clearly, a long message can be encrypted bit by bit by iterating the procedure. The input a is sent to the Encryptor 81. When the input r' 80 is presented to the Prime Chooser 71 in FIG. 8, r' primes p'_{i_1}, p'_{i_2}, . . . p'_{i_{r'}} are randomly chosen from the set P'. These are then transferred to the Multiplier 72 which computes the product
p' = p'_{i_1} · p'_{i_2} . . . p'_{i_{r'}}.
Upon receiving the input p', the Jacobi Symbol Generator 73 generates the list of Jacobi symbols ##EQU16## This list is then sent to the Encryptor 81. The Jacobi Symbol Chooser 75, upon receiving the public encryption key ##EQU17## then chooses the appropriate subset of these Jacobi symbols, i.e. the symbols ##EQU18## and sends these symbols to the Multiplier 72. The Multiplier 72 then multiplies these symbols and transfers the product k to the Encryptor 81. The Encryptor 81 then produces the list of plus and minus ones given by ##EQU19## where ε=a·k. This is the encrypted bit. The reason for multiplying every element of the list by ε is to ensure that the key transfer mechanism used by A in decryption will yield a. The fact that r is odd guarantees the success of the method. Since the Prime Chooser 71 generates a random list of primes, it cannot be guaranteed in advance what the key transfer will be.
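The key transfer of FIG. 7 and the one-bit encryption of FIG. 8, as an added Python example that is not code from the patent. The formulas for the announced vectors are missing from this page, so the orientation used here (each party takes the symbols of the other party's primes modulo its own product) and the names `Party`, `encrypt_bit` and `decrypt_bit` are assumptions; X is kept tiny for illustration only.

```python
"""Toy run of the Jacobi-symbol key transfer and single-bit encryption."""
import secrets
from math import isqrt, prod


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0 (standard binary algorithm)."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a:
        while a % 2 == 0:              # pull out factors of 2: (2/n) = -1 iff n = 3, 5 mod 8
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                    # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def prime_classes(X: int):
    """Return (P, P'): primes <= X congruent to 1 and to 5 modulo 8, ascending."""
    sieve = bytearray([1]) * (X + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(X) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    primes = [n for n in range(X + 1) if sieve[n]]
    return [p for p in primes if p % 8 == 1], [p for p in primes if p % 8 == 5]


class Party:
    """One side of the exchange: `own` is its preassigned class, `other` the peer's."""

    def __init__(self, own, other, r):
        self.own, self.other = own, other
        # Prime Chooser 71: r secret positions in the party's own class.
        self.indices = secrets.SystemRandom().sample(range(len(own)), r)
        # Multiplier 72: the product of the chosen primes stays private.
        self.product = prod(own[i] for i in self.indices)

    def announce(self):
        """Jacobi Symbol Generator 73 / Public Key Announcer 74."""
        return [jacobi(q, self.product) for q in self.other]

    def key(self, peer_vector):
        """Jacobi Symbol Chooser 75 and Multiplier 72: multiply the peer's
        symbols at this party's secret positions."""
        return prod(peer_vector[i] for i in self.indices)


def encrypt_bit(a, public_key, sender):
    """Encryptor 81: scale every symbol of the sender's list by eps = a * k."""
    if a not in (1, -1):
        raise ValueError("the bit is represented as +1 or -1")
    eps = a * sender.key(public_key)
    return [eps * s for s in sender.announce()]


def decrypt_bit(receiver, ciphertext):
    """The receiver's key step on the ciphertext gives eps**r * k.
    With r odd that is a * k * k = a; with r even it is k whatever a was."""
    return receiver.key(ciphertext)


if __name__ == "__main__":
    P, P_prime = prime_classes(2000)               # illustrative bound X
    A, B = Party(P, P_prime, r=5), Party(P_prime, P, r=4)
    print("shared key:", A.key(B.announce()), B.key(A.announce()))
    fresh = Party(P_prime, P, r=3)                 # new primes for each bit
    print("decrypted:", decrypt_bit(A, encrypt_bit(-1, A.announce(), fresh)))
```

Both parties reach the same key because every product is congruent to 1 modulo 4, so quadratic reciprocity gives (p/p') = (p'/p).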
Since the public encryption scheme is so closely related to the public key transfer previously discussed, it is clear that the method will work in much greater generality than has been presented here. For example, such a scheme can be developed in the framework of an algebraic number field and the use of Artin symbols instead of Jacobi symbols. Note that a Jacobi symbol is a special case of an Artin symbol. The cryptographic security of the system will then be based on the zeta one-way function associated to the class of Artin L-functions.
The Zeta Apparatus is illustrated in FIG. 9. It includes identical subsystems, A and B, which communicate through Communication Modules 95 (which receive and transmit code) and which also communicate with offline Prime Storers 91, 92. Prime Storers 91, 92 store and produce disjoint sets of primes (determined by Artin reciprocity) from a predetermined algebraic number field. For example, in the special case where the algebraic number field is the rational number field, we may take the set of primes stored in 91 to be the primes congruent to 1 modulo 8, and the set of primes stored in 92, the primes congruent to 5 modulo 8. The main components of the Zeta Apparatus are: identical Zeta Machines 90 which perform arithmetic computations; the Communication Modules 95 for information exchange between subsystems A, B; Collection/Distribution Modules 93 for internally storing and routing data within a subsystem; Feature Modules 94 for specifying required modes of operation. The Zeta Apparatus operates in the following modes: Pseudorandom Sequence Generator Mode; Authentication Mode; Key Transfer Mode; Send/Receive Mode; Privacy Enhancer Mode (this mode operates in conjunction with the latter three modes).
The most basic operating mode of the Zeta Apparatus is as a pseudorandom sequence generator. This mode of operation is readily employed in the operation of stream ciphers, and is utilized in the other modes of operation of the Zeta Apparatus. The higher modes of operation refer to authentication, key exchange by public discussion and message transfer employing public key encryption. These higher modes of operation can be enhanced by a unique feature employed in the Zeta Apparatus allowing users of the Zeta Apparatus to employ private keys for enhanced security.
We now discuss FIG. 10 which represents the Zeta Machine 90 occurring in subsystems A, B. The Zeta Machine operates in the following manner. The Prime Chooser 71 requests a set of primes (denoted Pset) from the Prime Storer 100. After receiving Pset, Prime Chooser 71 chooses a subset of Pset (denoted Psubset) and sends Psubset to both the Multiplier 72 and the Artin Symbol Chooser 102. The Multiplier 72 produces from Psubset the conductor which is the product of the primes in Psubset. The conductor is sent to the Artin Symbol Generator 101 which then requests an additional set of primes (denoted Auxiliary Pset) from the Prime Storer 100 and then computes from the conductor and Auxiliary Pset the Artin symbol list which is then sent to the Store and Forward Module 103. Alternatively, the primes of the Pset and/or the Auxiliary Pset may be generated or calculated according to predetermined criteria or retrieved over a communication channel. The Artin Symbol Chooser 102, upon receiving Psubset from Prime Chooser 71 and an External Pset, produces the Artin symbol sublist, which is then sent to the Multiplier 72, which simply multiplies the Artin symbols in the Artin symbol sublist, producing the keycode which is sent to the Store and Forward Module 103.
FIG. 11 represents the Feature Module 94 which includes three submodules: Privacy Enhancer Submodule 110; Authenticator Submodule 111; Bit Corrector Submodule 112. The Feature Module 94 configures its submodules 110, 111, 112 according to the specified mode of operation of the Zeta Apparatus.
Modes of Operation: FIG. 12 illustrates the operation of the Zeta Apparatus in Pseudorandom Sequence Generator Mode. The Prime Chooser 71 requests a set of primes (denoted Pset) from the Prime Storer 100. After receiving Pset, Prime Chooser 71 chooses a subset of Pset (denoted Psubset) and sends Psubset to the Multiplier 72. The Multiplier 72 produces from Psubset the conductor which is the product of the primes in Psubset. The conductor is sent to the Artin Symbol Generator 101 which then requests the primes Auxiliary Pset from the Prime Storer 100 and then computes from the conductor and Pset the Artin symbol list which is then sent to the Privacy Enhancer Submodule 110. The Privacy Enhancer Submodule 110 produces the Privacy enhanced Artin symbol list and sends it to the Store and Forward Module 103. The Privacy Enhancer Submodule 110 is in one of two states: ON or OFF. If it is ON, it permutes the Artin symbol list employing a one way permutation known privately to both subsystems A, B. If it is OFF, it simply transmits the Artin symbol list to the Store and Forward Module 103.
FIG. 13 illustrates the Zeta Apparatus in Authentication Mode. In this mode, subsystem B is in Pseudorandom Generator Mode and transmits Pset, Psubset and Privacy enhanced Artin symbol list to subsystem A which then operates as follows. Subsystem A computes from the received inputs Pset and Psubset the Privacy enhanced Artin symbol list and sends it to the Authenticator Submodule 111 which compares it to the Privacy enhanced Artin symbol list transmitted by subsystem B. If these lists agree then authentication is confirmed.
FIG. 14 illustrates the Zeta Apparatus in Key Transfer Mode. In this mode of operation, subsystems A, B operate symmetrically, so it is enough to restrict this description to subsystem A. In FIG. 14, Store and Forward Modules and Transmitters and Receivers are omitted in order to simplify the figure. Labeled lightning bolts indicate transmissions. The Prime Chooser 71 requests a set of primes (denoted Pset(A)) from the Prime Storer 91. After receiving Pset(A), Prime Chooser 71 chooses a subset of Pset(A) (denoted Psubset(A)) and sends Psubset(A) to the Multiplier 72. The Multiplier 72 produces from Psubset(A) the conductor(A) which is the product of the primes in Psubset(A). The conductor(A) is sent to the Artin Symbol Generator 101 which then requests the primes Pset(B) (transmitted by subsystem B) from the Prime Storer 92 and then computes from the conductor(A) and Pset(B) the Artin symbol list(A) which is then sent to the Privacy Enhancer Submodule 110. The Privacy Enhancer Submodule 110 then sends Privacy enhanced Artin symbol list (A) to the transmitter which transmits this list (upon request) to the Artin Symbol Chooser 102 of subsystem B. The Prime Chooser 71 also sends Psubset(A) to the Artin Symbol Chooser 102 which then requests Privacy enhanced Artin symbol list(B) from subsystem B. Upon receiving this data, Artin Symbol Chooser 102 computes Artin symbol sublist(A) and sends this sublist to the Multiplier 72. The Multiplier 72 then multiplies the Artin symbols in Artin symbol sublist(A) which is the key code. The key code will be identical in both subsystems and is then sent to the Store and Forward Module 103. According to an alternative configuration, Pset(A) and Pset(B) may be stored in both subsystems, generated in each subsystem according to a predetermined or specified criteria or transmitted to a subsystem from an accessible storage or generation facility.
FIG. 15 illustrates the Zeta Apparatus in Send/Receive Mode. In this mode of operation, we designate that subsystem A is transmitting a bit a=±1 to subsystem B which is in Key Transfer Mode. We restrict our discussion to subsystem A. In FIG. 15, Store and Forward Modules and Transmitters and Receivers are omitted in order to simplify the figure. Labeled lightning bolts indicate transmissions. The Prime Chooser 71 requests a set of primes (denoted Pset(A)) from the Prime Storer 91. After receiving Pset(A), Prime Chooser 71 chooses a subset of Pset(A) (denoted Psubset(A)) and sends Psubset(A) to the Multiplier 72. The Multiplier 72 produces from Psubset(A) the conductor(A) which is the product of the primes in Psubset(A). The conductor(A) is sent to the Artin Symbol Generator 101 which then requests the primes Pset(B) (transmitted by subsystem B) from the Prime Storer 92 and then computes from the conductor(A) and Pset(B) the Artin symbol list(A) which is then sent to the Bit Corrector Submodule 112. Concurrently, the Prime Chooser 71 also sends Psubset(A) to the Artin Symbol Chooser 102 which then requests Privacy enhanced Artin symbol list(B) from subsystem B. Upon receiving this data, Artin Symbol Chooser 102 computes Artin symbol sublist(A) and sends this sublist to the Multiplier 72. The Multiplier 72 then multiplies the Artin symbols in Artin symbol sublist(A) which is the key code (which is also assumed to be a bit k=±1). The bit k is then sent to the Bit Corrector Submodule 112 which compares the bits a and k. If a=k then the Artin symbol list(A) is sent on to the Privacy Enhancer Submodule 110. On the other hand, if a≠k, then the Bit Corrector Submodule 112 modifies the Artin symbol list(A) (as previously discussed in the section on the Public Key Encryption Scheme) and sends this modified Artin symbol list to the Privacy Enhancer Submodule 110.
The Privacy Enhancer Submodule 110 then sends this list to the transmitter which transmits this list (upon request) to the Artin Symbol Chooser 102 of subsystem B. The privacy enhancer submodules illustrated in FIGS. 11-15 may be omitted from the respective embodiments. The privacy enhancer is an optional and advantageous feature in certain applications.
The invention is illustrated and described by way of specific embodiments. Those of ordinary skill in the art will recognize that modifications may be made without departing from the spirit of the invention and scope defined by the claims.
Claims (13)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
| --- | --- | --- | --- |
| US08/400,928 US5577124A (en) | 1995-03-09 | 1995-03-09 | Multi-purpose high speed cryptographically secure sequence generator based on zeta-one-way functions |
| US08/752,033 US5751808A (en) | 1995-03-09 | 1996-11-19 | Multi-purpose high speed cryptographically secure sequence generator based on zeta-one-way functions |
Related Parent Applications (1)
| Application Number | Priority Date | Filing Date | Title |
| --- | --- | --- | --- |
| US08/400,928 Continuation US5577124A (en) | 1995-03-09 | 1995-03-09 | Multi-purpose high speed cryptographically secure sequence generator based on zeta-one-way functions |
Publications (1)
| Publication Number | Publication Date |
| --- | --- |
| US5751808A true US5751808A (en) | 1998-05-12 |
Family
ID=23585578
Family Applications (2)
| Application Number | Priority Date | Filing Date | Title |
| --- | --- | --- | --- |
| US08/400,928 Expired - Fee Related US5577124A (en) | 1995-03-09 | 1995-03-09 | Multi-purpose high speed cryptographically secure sequence generator based on zeta-one-way functions |
| US08/752,033 Expired - Fee Related US5751808A (en) | 1995-03-09 | 1996-11-19 | Multi-purpose high speed cryptographically secure sequence generator based on zeta-one-way functions |
Country Status (6)
| Country | Link |
| --- | --- |
| US (2) | US5577124A (en) |
| EP (1) | EP0872079A2 (en) |
| JP (1) | JPH11502321A (en) |
| AU (1) | AU711911B2 (en) |
| CA (1) | CA2214903A1 (en) |
| WO (1) | WO1996034473A2 (en) |

1995
- 1995-03-09 US US08/400,928 patent/US5577124A/en not_active Expired - Fee Related

1996
- 1996-03-11 EP EP19960929645 patent/EP0872079A2/en not_active Withdrawn
- 1996-03-11 CA CA 2214903 patent/CA2214903A1/en not_active Abandoned
- 1996-03-11 AU AU68947/96A patent/AU711911B2/en not_active Ceased
- 1996-03-11 JP JP52978096A patent/JPH11502321A/en active Pending
- 1996-03-11 WO PCT/US1996/003270 patent/WO1996034473A2/en not_active Application Discontinuation
- 1996-11-19 US US08/752,033 patent/US5751808A/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
| --- | --- |
| CA2214903A1 (en) | 1996-10-31 |
| AU6894796A (en) | 1996-11-18 |
| AU711911B2 (en) | 1999-10-21 |
| JPH11502321A (en) | 1999-02-23 |
| EP0872079A2 (en) | 1998-10-21 |
| WO1996034473A2 (en) | 1996-10-31 |
| WO1996034473A3 (en) | 1996-12-27 |
| US5577124A (en) | 1996-11-19 |
Legal Events
| Date | Code | Title | Description |
| --- | --- | --- | --- |
| | FPAY | Fee payment | Year of fee payment: 4 |
| | FPAY | Fee payment | Year of fee payment: 8 |
| | REMI | Maintenance fee reminder mailed | |
| | LAPS | Lapse for failure to pay maintenance fees | |
| | STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
| | FP | Expired due to failure to pay maintenance fee | Effective date: 2010-05-12 |